/* Copyright 2004-2005 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT c;pWARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * A taglib to help with J2EE security implementations (e.g. ACEGI) within Grails.
 *
 * @author Joe Mooney
 * @since 23-November-2006
 */
class AuthTagLib {

    // Execute main body only if the user is logged in
    def ifLoggedIn = {attrs, body ->
        if (getUserName()) {
            out << body{}
        }
    }

    // Execute main body only if the user is NOT logged in
    def ifNotLoggedIn = {attrs, body ->
        if (!getUserName()) {
            out << body{}
        }
    }

    // Execute main body only if the user is logged in and has one of the roles requested
    def ifUserHasRole = {attrs, body ->
        if (userHasOneOfRequiredRoles(attrs.roles.split(/,/))) {
            out << body{}
        }
    }

    // Execute main body only if the user is logged in and has none of the roles requested
    def ifUserHasNoRole = {attrs, body ->
        if (!userHasOneOfRequiredRoles(attrs.roles.split(/,/))) {
            out << body{}
        }
    }

    // Output the signed on user name (if they are logged in)
    // Modified by sverdianto : Acegi specific action - linked to User domain model
    def loggedInUser = { attrs, body ->
        def username = getUserName()
        if(username) {
            def user = User.findByUsername(username)
            if(attrs.field) {
                out << "${user.profile.fullname}"
            } else {
                out << "${user.username}"
            }
        }
    }

    /*
     * Execute main body only if the user is logged in and is either an admin user (based on supplied roles) or
     * if they were the creator of the bean (based on the supplied userName)
     */
    def ifUserCanEdit = {attrs, body ->
        def userIsGood = false
        def adminRoles = attrs["adminRoles"]
        if (adminRoles) {
            userIsGood = userHasOneOfRequiredRoles(adminRoles.split(/,/))
        }
        if (!userIsGood) {
            def userName = attrs["userName"]
            def signedOnUserName = getUserName();
            if (signedOnUserName && userName == signedOnUserName) {
                userIsGood = true
            }
        }
        if (userIsGood) {
            out << body{}
        }
    }


    // Helper method to get the user name
    private def getUserName = {
		request.remoteUser
        return request.remoteUser
    }

    // Helper method to indicate if a user has at least one of the requested roles
    private def userHasOneOfRequiredRoles = {requiredRoles ->
        def userHasOneRole = false
        if (getUserName()) {
            requiredRoles.each {roleRequired ->
                if (request.isUserInRole(roleRequired)) {
                    userHasOneRole = true
                }
            }
        }
        return userHasOneRole
    }
}